Numerous families of malware exist whose binaries change rapidly as new versions of malware are introduced. In many cases, the malware uses the same icon as a legitimate software package. A familiar icon can be crucial to the success of social engineering malware that the authors were attempting to perform with this malware. However, signature-based detection rate can be highly inconsistent and the newest samples may barely be detected at the time of examination.